Hi,
On Mon, Aug 24, 2009 at 5:45 AM, Gustavo F. Padovan
<gustavo@xxxxxxxxxxxxxxxxx> wrote:
> Avoid race conditions when acessing the sock.
>
> Signed-off-by: Gustavo F. Padovan <gustavo@xxxxxxxxxxxxxxxxx>
> ---
> net/bluetooth/l2cap.c | 4 ++++
> 1 files changed, 4 insertions(+), 0 deletions(-)
>
> diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
> index c04526f..efac637 100644
> --- a/net/bluetooth/l2cap.c
> +++ b/net/bluetooth/l2cap.c
> @@ -1192,6 +1192,7 @@ static void l2cap_monitor_timeout(unsigned long arg)
> struct sock *sk = (void *) arg;
> u16 control;
>
> + bh_lock_sock(sk);
> if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
> l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk);
missing unlock ?
> return;
> @@ -1203,6 +1204,7 @@ static void l2cap_monitor_timeout(unsigned long arg)
> control = L2CAP_CTRL_POLL;
> control |= L2CAP_SUPER_RCV_READY;
> l2cap_send_sframe(l2cap_pi(sk), control);
> + bh_unlock_sock(sk);
> }
Please consider following patch:
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -1208,6 +1208,7 @@ static void l2cap_monitor_timeout(unsigned long arg)
bh_lock_sock(sk);
if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk);
+ bh_unlock_sock(sk);
return;
}
Also see complete patch attached.
Regards,
Andrei Emeltchenko
Attachment:
0001-Bluetooth-Fix-locking-scheme-regression.patch.gz
Description: GNU Zip compressed data
